> When dropbear is used in a very restricted environment (such as in a > initrd), the default user shell is often also very restricted > and doesn't take care of setting the PATH so the user ends up > with the PATH set by dropbear. Unfortunately, dropbear always > sets "/usr/bin:/bin" as default PATH even for the root user > which should have /usr/sbin and /sbin too.
The default PATH for Dropbear was meant to mirror what login(1) does, so I think that patch makes sense upstream. (BSD login just sets "/usr/bin:/bin" AFAICT, but adding sbin seems sane) Debian could perhaps set a custom config to match the default /etc/login.defs ENV_SUPATH and ENV_PATH which has /usr/local/ and .../games too. Cheers, Matt